Vulnerabilities > Hcltech

DATE CVE VULNERABILITY TITLE RISK
2022-08-30 CVE-2022-27563 Improper Check for Unusual or Exceptional Conditions vulnerability in Hcltech Versionvault Express 2.0.1/2.1.0
An unauthenticated user can overload a part of HCL VersionVault Express and cause a denial of service.
network
low complexity
hcltech CWE-754
7.5
2022-08-29 CVE-2022-27546 Cross-site Scripting vulnerability in Hcltech Domino and HCL Inotes
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request.
network
low complexity
hcltech CWE-79
6.1
2022-08-29 CVE-2022-27547 Open Redirect vulnerability in Hcltech Domino and HCL Inotes
HCL iNotes is susceptible to a link to non-existent domain vulnerability.
network
low complexity
hcltech CWE-601
7.4
2022-08-29 CVE-2022-27558 Weak Password Requirements vulnerability in Hcltech Domino and HCL Inotes
HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability.
network
low complexity
hcltech CWE-521
7.5
2022-07-19 CVE-2022-27544 Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Platform
BigFix Web Reports authorized users may see SMTP credentials in clear text.
network
low complexity
hcltech CWE-522
6.5
2022-07-19 CVE-2022-27545 Cross-site Scripting vulnerability in Hcltech Bigfix Platform
BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page.
network
low complexity
hcltech CWE-79
5.4
2022-06-09 CVE-2021-27786 Incorrect Comparison vulnerability in Hcltech Onetest Server 10.0/10.1/10.2
Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner.
network
low complexity
hcltech CWE-697
critical
9.8
2022-06-01 CVE-2021-27778 Cross-site Scripting vulnerability in Hcltech Traveler 10.0.0.0/12.0.1.0
HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages.
network
low complexity
hcltech CWE-79
4.8
2022-05-27 CVE-2021-27780 Unspecified vulnerability in Hcltech Bigfix Mobile and Modern Client Management
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.
network
low complexity
hcltech
5.3
2022-05-27 CVE-2021-27781 Cross-site Scripting vulnerability in Hcltech Bigfix Mobile and Modern Client Management
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.
network
low complexity
hcltech CWE-79
4.8